This is our current recommended procedure for backing up office 365 mailboxes using a single task and single login. It applies to BackupAssist 365 v1.3 and later (late October 2019 release).
It is possible to create a special “backup user” login in Office 365 and use that to log in for the backup task.
This is preferred because:
- Better security – the backup user can be assigned a special complex password that is only used in BackupAssist 365 and is never given to users.
- No licence is required for the backup user – therefore it won’t cost anything.
- Using a special backup user minimises the possible throttling that may be experienced on heavy usage. In the example above, if O365 throttles on a per-user basis, Fred would experience slower performance while a backup is running.
How to set up the backup user account for backing up Office 365 mailboxes
Follow these instructions:
- Create a new user in Office 365, as shown in the screenshot below. You can call the user anything you want, but we recommend something that will be easy to remember.
- Create a password at the time of setting up this user.
- Make sure both checkboxes at the bottom are unchecked. If you require the user to change the password, BA365 will be unable to login.
2. Create the user without a license. This is so you don’t have to pay for an unnecessary license.
3. Set the role to Exchange administrator. To do this, uncheck the “User” checkbox and then check “Exchange administrator”. This role is required to allow the user to back up multiple mailboxes. (Note: if you also wish to back up SharePoint documents with the same user identity, also check the “SharePoint administrator” role. Full details are on this page.)
4. Confirm the settings as shown
5. In BA365, use that new user in the task setup.
Security note
Your username and password are stored securely encrypted on disk. These credentials are never included in any diagnostics file that you send to our technical support department.
Future work – oAuth authentication
We understand that some of you will be enforcing 2FA policies, and may disallow the App Password option.
We have planned an enhancement to BackupAssist 365 to allow you to authenticate via oAuth instead of using username / password authentication.
Image credit: Photo by Ethan Hoover on Unsplash